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CONFIDENTIALITY 


The information in this document is confidential and shall not be disclosed to any third party in 


whole or in part without the prior written consent of Atos Worldline S.A./N.V. 





COPYRIGHT 


The information in this document is subject to change without notice and shall not 
be construed as a commitment by Atos Worldline S.A./N.V. 


The content of this document, including but not limited to trademarks, designs, logos, text, images, 
is the property of Atos Worldline S.A/N.V. and is protected by the Belgian Act of 30.06.1994 
related to author’s right and by the other applicable Acts. 


The contents of this document must not be reproduced in any form whatsoever, by 
or on behalf of third parties, without the prior written consent of Atos Worldline 
S.A/N.V. 

Except with respect to the limited license to download and print certain material 
from this document for non-commercial and personal use only, nothing contained 
in this document shall grant any license or right to use any of Atos Worldline 
S.A./N.V.’s proprietary material. 





LEGAL DISCLAIMER 


While Atos Worldline S.A./N.V. has made every attempt to ensure that the 
information contained in this document is correct, Atos Worldline S.A./N.V. does 
not provide any legal or commercial warranty on the document that is described in 
this specification. The technology is thus provided “as is” without warranties of 
any kind, expressed or implied, included those of merchantability and fitness for a 
particular purpose. Atos Worldline S.A./N.V. does not warrant or assume any legal 
liability or responsibility for the accuracy, completeness, or usefulness of any 
information, product or process disclosed. 

To the fullest extent permitted under applicable law, neither Atos Worldline 
S.A./N.V. nor its affiliates, directors, employees and agents shall be liable to any 
party for any damages that might result from the use of the technology as described 
in this document (including without limitation direct, indirect, incidental, special, 
consequential and punitive damages, lost profits). 





JURISDICTION AND APPLICABLE LAW 


These terms shall be governed by and construed in accordance with the laws of 


Belgium. You irrevocably consent to the jurisdiction of the courts located in 
Brussels for any action arising from or related to the use of this document. 





sa Atos Worldline nv — Chaussée de Haecht 1442 Haachtsesteenweg 
B-1130 Bruxelles-Brussel - Belgium 
RPM-RPR Bruxelles-Brussel - TVA-BTW BE 0418.547.872 
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2. SCOPE OF THE DOCUMENT 


This document provides an overview of all operations that have to be performed by 
the DEP Atos Worldline Security Officer (DEP AWL security officer) or by the Third 
Party’s Security Officer to set-up and maintain a DEP Environment. 


The document describes how to create a new customer to be managed, together with 
the management of the KAWL key, the BKS Authority Keys, DEP Control Cards 
(DCCs) and Application Software integrity/confidentiality. It deals also with the 
delivery procedures that have to be followed to maintain security when distributing 
the DEP products are also described. 


This guide is especially intended for the DEP AWL security Officer or the Third 
Party’s Security Officer but could offer additional information to other audience. 


3. REFERENCES 


This document contains references to other documents about the DEP. This paragraph 
gives a list of all the documents referred to: 


e DEP PC-AUX Program User Manual 

e DEP C-ZAM/DEP User Manual 

e DEP Customer’s Security Officer’s Guide 
e DEP Security Mechanisms 

e DEPY/NT Installation Guide 

e DCC Personalisation System User Manual 
e DEP General Architecture 

e DEP/PCI Security Policy 


There are no references made to the following documents, but they could be useful to 
understand this document. 


e DEP Introduction to DEP 
e DEP Glossary 
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4. ATOS WORLDLINE ENVIRONMENT 


The DEP AWL security Officer maintains the environment that is used for generating 
the deliveries. This environment is situated at the Atos Worldline office. Only DEP 
AWL security Officers are allowed to use this environment. 


The environment consists of: 


e APC, not connected to any network, containing: 
o The DCC Personalisation System for the creation of DCCs and 
software signature, 
o Logbooks containing the created deliveries. 
e AC-ZAM/PC, serving as a Smart Card Reader/Writer, 
e A printer, connected to the PC, used to print PIN codes of DCCs. 


The PC, C-ZAM/PC and printer are located at the Atos Worldline T&P department in 
the DEP group (T&P/ENG/DEP). 


5. AUTHORITY LEVELS AND MODES OF 





OPERATION 


5.1. SET-UPS 


The DEP/PCI must be first configured from the Original Password State (initial state 
with the boot software) to the state DEP Application loaded. During this phase, the 
KAWL key will play an important role for software integrity checking. 


As described in the document DEP General Architecture, in the state DEP 
Application loaded, there are different Authority Levels. All the devices of a 
functional operational DEP Environment should be set to the Customer Authority 
Level. 


To increase the security and the manageability of the system, it is decided that every 
customer receives a unique KAWL key and a unique set of BKS Authority Keys. 


Because these keys are different/unique per customer, they can be given to the specific 
Customer’s Security Officer without jeopardising the DEP Environment of other 
customers. The Customer’s Security Officer can reload the C-ZAM/DEP and the DEP 
Platform on his own without any intervention by DEP AWL security Officer. 


For more information about Authority Levels, refer to the document DEP General 
Architecture. 
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5.2. KAWL KEY SET-UP 


This key will be used by the Customer administrators to initialise the DEP/PCI and by 
the customer operator of the software-loading group to load DEP Application 
Software. 
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5.3. KBKS KEYS SET-UP 


These keys are used at the application-loaded phase to personalize the DEP/PCI so 
that it can use the cryptographic functions. 
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These 2 set-ups are the basis for the DEP AWL Security Officer operations. 


5.4. DCCS AND MODES OF OPERATION 
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A standard distribution of DCCs is defined. This package contains DCCs for the Test 
Mode of Operation and the Live Mode of Operation. The Customer Identification 
0001 is used for the entire set of test DCCs. 


All the delivered DCCs are at BKS Authority Level. 


The following DCCs are handed over to the Customer’s Security Officer when the 
standard package is delivered: 


e 2 DCC Storage with TEST Mode of Operation (CUST ID 0001) containing 
the KM_AUTH_BKS and the CAP_AUTH_CUST 

e 2 virgin DCC Storage with TEST Mode of Operation (CUST ID 0001) 
1 DCC List with TEST Mode of Operation (CUST ID 0001) containing the 
Atos Worldline Definition List (see paragraph 6 on page 10) 


e 2x2 DCC Storage with LIVE Mode of Operation containing the 
KM_AUTH_BKS and the CAP_AUTH_CUST 

e 16 virgin DCC Storage with LIVE Mode of Operation 

e 5 DCC List with LIVE Mode of Operation containing the Atos Worldline 
Definition List (see paragraph 6 on page 10) 


trol Card L / Card 
CUST 0007 CUST 0007 CUST 0007 
DCC xxxxxxxx DCC xxxxxxxx DCC Xxxxxxxx 


> KM_AUTH_BKS 
BKS: CAP_AUTH_CUST 


cusT: ... 


banksys os banksys banksys 


@) rd ard. 
CUST xxxx CUST Xxxxx CUST xxxx 
DCC Xxxxxxxxx DCC xxxxxxxx DCC Xxxxxxxxx 
INIT: KM_AUTH_BKS - 
BKS: CAP_AUTH_CUST 


CUST: ... 


banksys oo banksys 





The DCCs are PIN protected to avoid un-allowed access to the information on the 
DCCs. The DCCs given to the customer are protected by the PIN “1234”, it is the 
responsibility of the Customer Security Officer to change this PIN. 
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The DCCs with the KM_AUTH_BKS and CAP_AUTH_CUST contain sufficient 
information for the Customer’s Security Officer to generate the CUST Authority 
Keys. Note that the DEP AWL Security Officer will not define the CUST Authority 
Keys. The Customer’s Security Officer will define his own CUST Authority Keys. In 
this way he can be certain he is the only one knowing the secret values. 


More information on the creation of the CUST Authority Keys can be found in the 
document DEP Customer’s Security Officer’s Guide. 


Additional DCCs can be obtained on request. E.g. it could also be possible that the 
customer needs additional DCCs for storing keys and capabilities; although the 
Customer’s Security Officer has received two identical DCC sets containing the 
necessary information to create the CUST Authority Keys, it could always be possible 
that the customer needs additional DCCs containing the BKS Authority Keys and the 
CUST Authority Capability (e.g. in case of defect)... 


6. CREATING BANKSYS DEFINITION LIST 


6.1. DESCRIPTION 


The banksys Definition Lists are the Definitions Lists at BKS Authority Level. They 
need to be generated before DCCs can be created. 


The creation of the Atos Worldline Definition Lists is done using the DEP PC-AUX 
Program. For a detailed description of how to use this program, refer to the DEP PC- 
AUX Program User Manual. 


The following Definition Lists must be created: 


e BKS Secret Sharing Definition List 
e BKS Capability Definition List 
e BKS Key Definition List 


Of course, these Definition Lists should only be created when they do not exist yet. 


6.2. CREATE THE BKS SECRET SHARING DEFINITION 
LIST 


Enter the following secret sharing scheme in the Secret Sharing Definition List (refer 
to the DEP PC-AUX Program User Manual). 
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6.3. CREATE BKS CAPABILITY DEFINITION LIST 


Enter the following capability definitions in the Capability Definition List (refer to the 
DEP PC-AUX Program User Manual). 


SSH_IDX 
05F00100 CAP_AUTH_CUST 00 


6.4. CREATE BKS KEY DEFINITION LIST 


Enter the following key definitions in the Key Definition List (refer to the DEP PC- 
AUX Program User Manual). 


OLD DEFINITION LIST FORMAT 
TAG | NAME LENGTH SSH_IDX TYPE | ENTRY | CV1 | CV2 | CV3 | NO 


| 04F01600__ | KM_AUTH_CUST [0060 foo for cf 00 0000-0000 _] 





NEW — LIST FORMAT 





04F01600 KM_ AUTH _ -CUST 0060 01 0000 


6.5. SAVE THE DEFINITION LISTS ON THE PC 


When the Definition Lists are created they must be saved (refer to the DEP PC-AUX 
Program User Manual). 


Afterwards they are included (through a shortcut) in the DCC Personalisation System. 


7. CREATING A NEW CUSTOMER 


As described in the document DEP Security Mechanisms, there are two alternative 
methods to bring the DEP Environment in BKS Authority Level: 


e BKS Authority Keys are generated inside the C-ZAM/DEP 
e BKS Authority Keys are generated by the DCC Personalisation System 


Creating a new customer is different between the two methods, especially for the 
creation of the DCCs and the management of the BKS Authority Keys. 
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Because in practice only the latter alternative is used, the paragraphs below do not 
explain the use of the C-ZAM/DEP when creating a new customer. 


7.1. CREATING CUSTOMER IDENTIFICATION 


Each customer has to be assigned a unique Customer Identification number (CUST 
ID), identifying the customer in the DEP Environment. A CUST ID is defined as a 2 
byte hexadecimal value. 


To guarantee the uniqueness, it is necessary to keep a table with the names of the 
customers and their CUST ID. This table is managed in the DCC Personalisation 
System. 


This task has to be performed only once for each new customer. 


Remark that one CUST ID (0001) is dedicated to a Test Customer. This CUST ID is 
then used for setting up a test environment. 


7.2. CREATING BANKSYS AUTHORITY KEYS 


For every customer, a unique set of BKS Authority Keys has to be defined. The DCC 
Personalisation System generates automatically new and random BKS Authority Keys 
when creating a new Customer (Identification). 


After the generation of the BKS Authority Keys, they will be saved in a password- 
encrypted database and will remain under control of the DEP AWL Security Officer 
that possesses the password. 


This task has to be performed only once for every new customer. 


For more information, refer to the DCC Personalisation System User Manual. 


7.3. CREATING KAWL KEY 


For every customer, a unique set of KAWL key has to be defined. The DCC 
Personalisation System generates automatically new and random KAWL key when 
creating a new Customer (Identification). 


After the generation of the KAWL, it will be saved in a password-encrypted database 
and will remain under control of the DEP AWL Security Officer that possesses the 


password. 


This task has to be performed only once for every new customer. 
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For more information, refer to the DCC Personalisation System User Manual. 


8. CREATING DCCS 


DCCs can only be created for customers previously created and still available in the 
DCC Personalisation System. 


During the creation of the DCCs, different information should be delivered to the 
DCC Personalisation System: 


e Indication whether a DCC List or a DCC Storage is personalised 


e The Mode of Operation is TST or LIV, depending on a test environment or 
live environment 


e The destination customer is selected by its unique CUST ID as generated 
(see paragraph 7.1 on page 12) 


e The total number of DCCs and (only for DCC Storage) how many DCCs 
need to be created with the BKS Authority Key and the CUST Authority 
Capability 


e Optionally, a dedicated PIN code can be entered (PIN 1234 is used for 
DCCs in TEST Mode of Operation) 


e The earlier created Atos Worldline Definition Lists (see paragraph 6 on 
page 10) implicitly used by the DCC Personalisation System 


8.1. CREATION PROCESS 


During the personalisation process of the DCC, the DCC Personalisation System 
writes all the necessary information to obtain the DCCs defined in paragraph 5.4 on 
page 8. 


The personalisation of DCCs is under control of the DEP AWL Security Officer that 
manages the password delivering access to the DCC Personalisation System. 


During personalisation, the DCCs are put at BKS Authority Level. This means that: 
e The complete directory structure of the DCC is created (INIT — BKS - 
CUST), 
e At INIT Authority Level, the keys IK and AK, and the PIN are stored. 


Two different card types are personalized: a DCC Storage and a DCC List: 
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e DCC List: the lists with keys, capabilities and secret sharing schemes are 
stored on INIT Authority Level, 

e DCC Storage: the KM_AUTH_BKS at INIT Authority Level and the 
CAP_AUTH_CUST are generated and stored at BKS Authority Level. 


8.1.1. Personalization of the Storage DCCs 


During the personalization of the DCCs storage following parameters must be 
defined: 


e Customer 

e Cust_ID 

e Mode 

e Card type and number 
e Card Parameters 

e Version number 


8.1.1.1.Customer and Cust_ID 


The Customer and its CUST_ID selected by default is the first one in the database. 
Select the correct customer and Cust_ID needed. If the customer does not exist yet, 
create a new, unique, Cust_ID. 


8.1.1.2.Mode 


Select the correct mode needed. Following modes are available: 


e LIV 
e DEV 
e TST 


8.1.1.3.Card type and number 


Select Storage and enter the number of cards that will be personalized with the 
KM_AUTH _BKS and CAP_AUTH_CUST. The total number of cards will increase at 
the same time. 


8.1.1.4.Card Parameters and Version Number 


e Pin Code: The Pin Code is defined randomly. The check box “Pin randomly 
generated” must be checked. 
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e DCC ID: The DCC_ID is extracted from the database and automatically 
incremented with 1 hex. 


e Version Nb: The version number equals ‘0001’. 


8.1.1.5.Write the Storage DCC 


The application checks the data and after the confirmation of the DEP AWL Security 
Officer and the insertion of the First Storage DCC, the personalization will start. The 
DCC Personalisation System asks automatically for following DCCs to be inserted. 


Each Liv DCC Storage and its PIN is delivered in a separate secure envelope. The 
secure envelopes provide tamper evidence. The customer Security Officer can contact 
the Atos Worldline sales representative to obtain the identification numbers of the 
secure envelopes. 


8.1.2. Personalization of the List DCCs 


During the personalization of the DCCs list following parameters must be defined: 


e Customer 

e Cust_ID 

e Mode 

e List Init 

e Total number of cards 
e Version number 


The Customer, Cust_ID, Mode and version number are handled in the same way as 
the personalization of the Storage DCCs. 


8.1.2.1.List Init 


Personalizing a DCC List, the List Init must be selected because every customer has 
his own Definition Lists. List Init indicates that the default Definition Lists containing 
the capabilities and Authority keys will be written at INIT Authority Level on the 
DCC card. 


8.1.2.2.Number sets of cards 


For the DCC List, Nbr sets of cards are equal to 2. It indicates how many times the 
Security Officer wants to write the Definition Lists. 
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8.1.2.3.Write the List DCCs 


The application checks the data and after the confirmation of the Security Officer and 
the insertion of the First List DCC, the personalization will start. The DCC 
Personalisation System asks automatically for following DCCs to be inserted. 


For more information, refer to the DCC Personalisation System User Manual. 


8.2. DATABASE STORAGE 


For each created DCC following information is stored (encrypted) in a database: 


e Cust_ID 

e Date of creation 

e Pin Code 

e Mode 

e Atos Worldline Authority Key 


Additional, for each customer, the Application Software together with the 
Authentication Code is kept in the same database. 


This database is kept on the stand alone PC and protected by a pass-phrase. The pass- 
phrase is required once during following operations: 


To add, to delete or to edit a customer 

To change the pass-phrase, to compute a certificate (SAC) 
e To decrypt a PIN 

To write a DCC. 


A logging is kept of all the personalised DCCs containing the personalisation date and 
time, the DCC ID, the CUST ID and the PIN code. There is a different logging for 
DCC List and DCC Storage. 


For more information, refer to the DCC Personalisation System User Manual. 


8.3. PIN PRINTING 


Because a random PIN is generated for every created DCC (except when entering a 
dedicated PIN code, e.g. for test DCCs), a list of the DCC Identifications and their 
corresponding PIN codes must be supplied to the Customer’s Security Officer. 


All initial PIN codes are stored in the password-encrypted database of the DCC 
Personalisation System. 
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The DEP AWL Security Officer can print the clear-text values of the PIN codes on 
paper. 


For more information, refer to the DCC Personalisation System User Manual. 


9. APPLICATION SOFTWARE INTEGRITY AND 





SOW VID OCU Ue 


For every customer and every Application Software version, a Software 
Authentication Code needs to be calculated to guarantee the integrity of the 
Application Software and to identify the supplier. A Software Authentication Code is 
a Message Authentication Code calculated over the DEP Application Software'. The 
DEP AWL Security Officer calculates it. 


In addition, the Application Software is encrypted by the DEP AWL Security Officer 
to guarantee the confidentiality. 


This Software Authentication Code and the encrypted Application Software are 
calculated with the KAWL, and thus unique for every customer. Because the unique 
KAWL key for every customer is kept in the password-encrypted database of the DCC 
Personalisation System, only this system can calculate the Software Authentication 
Code and encrypt DEP Application Software. 


For this operation, the following information is needed: 


e The Mode of Operation is TST or LIV, depending on a test environment or 
live environment 


e The destination customer is selected together with its unique CUST ID as 
generated (see paragraph 7.1 on page 12) 


e The clear-text Application Software 
The output is the encrypted Application Software and a Software Authentication Code 
File containing the Software Authentication Codes for the selected Application 


Software and the selected customer‘(s). 


For more information, refer to the DCC Personalisation System User Manual. 


10. DELIVERY 





"Tt is an AES256 CMAC evaluated on the DEP Application Software 
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A DEP AWL Security Officer creates all deliveries. All deliveries are handed over to 
the Security Officer of the customer. 


The Cust_ID (Customer Identification Number) is communicated to the customer 
Security Officer by the DEP technician (DEP TECH) during the first delivery. 


10.1. DELIVERY HARDWARE 


A DEP technician always does the delivery. It consists of: 


e Depending on the configuration: 
o A DEP Platform with at least one DEP Crypto Module, or 
o One or more DEP Crypto Modules, 

e One or more C-ZAM/DEPs, 

e A four digit Customer Identification number (Cust_ID), 

e The following DCCs together with their PIN: 


Test DCC Lists 

Test DCC Storage 

Liv DCC lists 

o Liv DCC Storage 

e 2 envelopes with the pre-expired usernames and passwords, for the Customer 
administrators, 

e 2 envelopes with the KAWL key component with their corresponding key check 
value (key check of type NORM), 


(om Ommne) 


It is the task of DEP marketing and sales (DEP MKT) to provide the DEP technician 
with the contact information head Security Officer of the customer. 


The customer can ask for the name of the DEP technician to his Atos Worldline sales 
representative. Atos Worldline DEP technicians always carry their identity card. This 
allows the customer to verify the identity of the person presenting himself as being the 
DEP technician. 


10.1.1.DEP Platform 


A DEP Platform is a DEP/T6, a DEP/XP or a DEP/NT. In this latter, the description 
of the PC containing the DEP Crypto Module can be found in the DEP/NT 
Installation Guide. DEP Platforms are installed and configured by the DEP technician 
(Operating System, DEP management software, IP communication software). 


When the customer chooses not to use a DEP Platform delivered by Atos Worldline, it 
is his responsibility to provide a PC with PCI bus to put the DEP Crypto Module into. 


In this case also providing the software of the PC is the responsibility of the customer. 


The DEP technician can collect DEP Platforms at the DEP manufacturer site. 
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10.1.2.C-ZAM/DEP 


The C-ZAM/DEP is delivered in authority level NONE to the customer. This means 
that there are no keys or capabilities loaded in it (except for the hard-coded INIT 
authority level keys that are the same for each customer). 


The DEP technician can order C-ZAM/DEPs at the Atos Worldline warehouse. 


10.1.3.Cust_ID 


The DEP AWL Security Officer guarantees that the customer identification number 
Cust_ID is unique. This is done using the DCC Personalisation System (see the DCC 
Personalisation System User Manual). 


The DEP AWL Security Officer communicates the Cust_ID to the DEP technician. 


10.1.4.Pre-expired usernames & passwords 


The security officers in the security department of Atos Worldline generate the pre- 
expired passwords and usernames for the customer, to be used as initial authentication 
credential. These credentials are identical for all the customers. However, the 
DEP/PCI cannot perform any security operation, unless the pre-expired credentials 
changed by the administrator’s crypto officers of the customer. Each administrator 
receives independently his own pre-expired credential in a secure way and in 
nominative sealed secure envelope. 


10.1.5.KAWL key components 


The KAWL key components are created in secure room of the security department at 
Atos Worldline. Each component is send to the adequate customer crypto officer (the 
administrator) via a secure way and a nominative sealed secure envelope. 


10.1.6.DCC 


The DCCs are packaged in a secured envelope together with the corresponding PIN 
codes. The secured envelope contains the reference of the destination Customer’s 
Security Officer. 


This package is handed over to the Customer’s Security Officer by a DEP technician. 
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10.1.6.1.Smart cards 


When receiving a request of a customer, the DEP AWL Security Officer can order 
empty Smart Cards (type: Bull CP8 Integrated Chip Cards (ICC) with the TB 
Operating System) at the Atos Worldline warehouse. These are standard Smart Cards, 
delivered by the Smart Card manufacturer, which did not go through any procedure 
yet. 


10.1.6.2.Use DCC Personalisation System 


To convert the standard Smart Cards into the different DCCs that can be used in the 
DEP environment, the DCC Personalisation System is used. Only DEP AWL Security 
Officers are allowed to create DCCs. 


This tool performs following actions: 
e Bring the DCCs to the Atos Worldline Authority level, 
e Definition and printing of the PIN code, 


e Write the default Definition List on the DCCs. 


Detailed information regarding this tool can be found in the DCC Personalisation 
System User Manual. 


10.1.6.3.Labelling 


For the creation of the labels (one for each DCC), the Labels DCC6 Excel document 
is used. 


Concerning the Storage DCCs labels, following parameters are defined: 
e Cust_ID: Customer identification. 
e First STO: Number that is given to the first Storage DCC. The numbers for 
the following 3 DCCs are automatically incremented with 1. 
For the List DCCs labels, following parameters are defined: 
e Cust_ID: Customer identification. 
e First List: Number that is given to the first List DCC. The numbers for the 


second DCC is automatically incremented with 1. 


Note: If the labels are created for Test Mode DCCs, the Cust_ID will always be 
‘0001’ 
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Example of Live Storage label: Example of Test Storage label: 


DEP Control Card 
CUST 0087 DEP Coxtro! Card 
DCC 00000228 
KM_&UTH_BKS 
CAP_AUTH_CUST 


CUST 0001 
DCC 00000224 
KM_A&UTH_BKS 
CAP_AUTH_CUST 





hanksys hanxsys 





10.1.7.Delivery Documentation 


There is no specific delivery documentation when the DEP technician delivers the 
DEP system. Only a delivery note has to be signed by the customer for invoice 
purposes. 


10.2. DELIVERY SOFTWARE 


The software delivery consists of: 


DEP Application Software 
Software Authentication Code 
Hand Over Form document 
Delivery Confirmation Document 


The role of the DEP AWL Security Officer is to guarantee the integrity (and 
confidentiality) of the Application Software. 


Once the Software Authentication Code is calculated (and the Application Software is 
encrypted), the DEP AWL Security Officer gives the right to distribute/deliver the 
Application Software to the corresponding customer. 


Before the Software Authentication Code File is transferred it has to be guaranteed 
that only the Software Authentication Codes for the dedicated customer are 
mentioned. Possibly other Software Authentication Codes must be deleted on the 
temporary copy. 


ATOS Worldline - Technologies & Products Page: 22/28 
DEP ATOS Worldline Security Officer Guide (03.08) Classification: Restricted 


It is not necessarily the DEP AWL Security Officer that sends the (encrypted) 
Application Software and Software Authentication Code to the Customer’ Security 
Officer. 


The media for distributing the (encrypted) Application Software and the SAC is not 
defined. Different alternatives are possible: encrypted e-mail, diskette, CD...When 
sending by e-mail, the encryption tool used is PGP. It is the task of the DEP AWL 
Security Officer to obtain and check the PGP key (using the fingerprint) of the 
customer Security Officer. 


Together with the DEP Application Software and the SAC, a Hand Over Form 
document (see paragraph 12.2) is delivered to formalise the delivery of the DEP 
Software. 


A Delivery Confirmation Document (see paragraph 12.1) is also forwarded to allow 
the customer to confirm the receipt of the delivery. When the customer receives the 
delivery, the customer should confirm the delivery by returning the Delivery 
Confirmation Document. 


10.2.1.Offer/Request 


Each time a customer request DEP Application Software, a DEP Software Offer 
Analysis is created containing the following information: 


e Sequence Number of the Offer/Request 
o Requester (Name) 
o Date Request 


e Information given by the customer 
o Requested Operational Date 


e Information given by the Atos Worldline analyst 
o Document and software version 
o Document and software date 
o Document and software status 
o Document confidentiality 


The information of theses offers/requests is stored at Atos Worldline in the directory: 
\\cursa\DIV\TP\SPA\BS A\DEP\PRV\Administration\Offers 
The offers/requests are divided in three categories, namely: 
e Delivered 


e Development in Progress 
e No Action 
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The name of an offer/request has the following format: 


e Sequence number 
e ‘_OFFER_ANALYSIS _’ 
e Name of the customer, e.g. 0036 _OFFER_ANALYSIS_INTERPAY.doc 


10.2.2.DEP Software Handover Form 


A DEP Software Handover Form document (see paragraph 12.2) contains the 
following information: 


e Description 


oO 


OoO000 0 


Software Name: name of the delivered software, 

Date: finalization date of the software, 

Project Leader: name of the Atos Worldline project leader, 
Customer: name of the customer, 

Short History of the software 

Remarks: Additional remarks (optional) 


e Acceptation Team 


O 
O 
oO 


Release and sub-release number that is tested, 
Name of the Atos Worldline Tester, 
Name of the Test Report, 


e Software details 


oO 


OoOO000 0 


Indicates that it is a final or a Beta release, 

File name of the software, 

Version of the software, 

Creation date of the software, 

Size of the software, 

How the software is delivered (e.g. floppy, CD-ROM, e-mail) 


e Dependencies 


O 


Overview of all delivered software including the version numbers. 


e Project and Team Leaders 


oO 
O 
O 


Information about current release. 
Date 
Names of the Project and Team leader 


The Delivery documentation can be found in following directory: 


\\cursa\\DIV\TP\SPA\BS A\DEP\PR V\SoftwareFactory\DEP_PCI_ISA\customer name 


10.2.3.Delivery Confirmation Document 
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A Delivery Confirmation document (see paragraph 12.1) contains the following 
information: 


e General information: General guidelines concerning the delivery. 
e DEP Software information: 
= Software name: Name of the delivered Software including the 
version number. 
= Software date: Delivery date of the Software. 
= Document references: This is an overview of all DFS/ADD 
documentation delivered. 
e Delivery confirmation: Confirmation of the receipt of the software, DEP Software 
Hand Over Form and documentation with the above references. 
e Signature: Customer Signature. 


The Delivery documentation can be found in following directory: 


\\cursa\DIV\TP\SPA\BS A\DEP\PR V\SoftwareFactory\DEP_PCI_ISA\customer name 


10.3. DELIVERY DOCUMENTATION 


However, detailed information is available on the DEP/PCI and other Atos Worldline 
and Atos Worldline products from the following sources: 


e The Atos Worldline and Atos Worldline internet site contains information on 
the full line of security products at http://www.banksys.be/ 


In order to properly install the DEP/PCI, the ATOS Worldline administrators have to 
read the documents on the site of the DEP products: 


e = http://www.banksys.com/ 


There are several documents as 


DEP Documents 
* 1-1 DEP Document Overview (new version) 
* 1-2 DEP Introduction to DEP 

1-3 DEP General Architecture 

1-4 DEP Glossary 

2-1 DEP Host Interface Protocol 

2-2 DEP DS3 and DS4 Principles 

2-3 DEP Secret Sharing Mechanism 

2-4 DEP Security Mechanisms 























3-1 DEP/NT Host Interface Supervision User Manual 
3-2 DEP/NT DEP Handler Supervision User Manual 
3-3 C-ZAM/DEP User Manual 

3-4 DEP PC-AUX Program User Manual 

3-5 DEP Key Derivation Tool User Manual 

3-6 DEP RSA Key Gen&Use Program User Manual 
3-7 DEP RSA Key Loading Program User Manual (new version) 
3-8 DEP/Linux User Manual 

4-1 DEP/NT Installation Guide 

4-2 DEP Atos Worldline' Security Officer's Guide 

4-3 DEP Customer's Security Officer's Guide 



































e+ ef @ + + HHH HHH HH HH 
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4-4 DEP Key Backup Conversion Guide 





4-5 DEP Customer Host Programmers Guidelines 


4-6 DEP Key Entry Guide 
4-7 DEP QUICK load Guide 





“++ + 





There is no specific delivery documentation when the Atos Worldline DEP/PCI 
technician delivers the DEP/PCI system. Only a delivery note has to be signed by the 
customer for invoice purposes. The customer security officer is advised to have a 
look at the same list of documents on the Internet site of Atos Worldline. 


11. MANAGEMENT ISSUES 


Because the DCC Personalisation contains a lot of sensitive and important 
information, the necessary precautions must be taken to avoid leakage loss of sensitive 
information. 


Therefore it is important that the access to the DCC Personalisation System is limited 
and under control of the DEP AWL Security Officer. 


Regular backup of the database are important to avoid loss of information. 
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12. ANNEXES 


12.1. DELIVERY CONFIRMATION DOCUMENT 


Delivery Confirmation Document 


General information - 


This document should be retumeedto dank sy sto express the receipt ofthe dexk sys’ DEP sofbaare, 
DEP Software Hand Over Foun and software documentation. Please send this document to: 


dank sys— Tecnimal & Cards Applications 
Zankng and Security App Raations 
Haachtesesteerrmeg 1442 

1130 Bresek 

Fax: +32 2.727 6250 


Software Name : 
DEP Sothaare Binary Name/Date : 
Docment References 

- tegration Maroial 

- DFS/ADD1 

- DFS/ADD2 

- DFS/ADD3 

- DFS/ADD4 

- DFS/ADDS 

- DFS/ADD6 

- DFS/ADD? 

- DFS/ADDS 

- DFS/ADD9 

- DFS/aDD10 


Delivery Confrmation - 
Cordirmation ofthe receipt ofthe sofhaare binary, DEP Sofbaare Hand Over Fomm and documentation 
withthe above references: 


OD YES .we received all the comporuntts 
0 NO, we didn treceine the followmg comport: 
oO Software Bi 


mary 
Oo DEP Software Hand Over Foon 
Oo Doomerdation 
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12.2. DEP SOFTWARE HANDOVER FORM 


DEP Software HandOver Form 


Description - 


Project Leader 
Customer 
Short History 


Acceptation Tears - 
Release & Sub-Release Number tested 


Software Detaffs - 


D Final Release 


Hlename’Labal Version i Support 
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Dependencies - 
0) DEP Software OO DEP/NT Softwaze 


Requires the following minimal configuration: 


Alam Software Version 
Boot Sothware Version 


DEP Harviler Service Version : 
DEP Handler Supemrision Version : 
Host Interface Senrice Version : 
Host terface Supervision Versian : 


C-ZANVDEP Version 


Froject & Team Leaders - 


Release Accepted : &) Yes O No 
Replaces previous version: B) Yes RE 


Date : Date : 
Name Project Leader Name Team Leader 





